Privacy & Information Security Law Blog

On August 5, 2011, the Beijing Second Intermediate People’s Court announced its decision in what is reported to be the largest criminal case to date involving the misuse of personal information in Beijing, China.  The Court based its ruling on Article 7 of the Seventh Amendment to the Criminal Law, which applies to three types of criminal activities: (1) illegal sale of citizens’ personal information, (2) illegal provision of citizens’ personal information, and (3) illegal access to citizens’ personal information.

Overview of the Charges

According to Chinese news reports, a total of 23 defendants were accused of having taken various actions which ultimately resulted in the illegal purchase, sale or provision of personal information between March and December of 2009.

• Seven of the defendants were accused of using their employment in the telecommunications industry to access customer personal information.
  • One defendant was a manager at the only company that is legally authorized to provide subscriber location services in Beijing (subject to certain restrictions).  This particular defendant was accused of using restricted means to obtain location information for over 90 cell phone numbers, which he subsequently sold for a profit of about RMB 90,000 (approximately $14,000).
  • Six defendants were employees of several other Chinese telecommunications companies.  These defendants were accused of obtaining personal information through their jobs, and then illegally selling or providing call lists and other customer personal information to unauthorized persons. 
• Fourteen of the defendants were accused of illegally purchasing or otherwise obtaining personal information (e.g., information about telephone owners, call lists, cell phone location information, registered address information, temporary residents’ information), and then selling or providing the information to third parties.  These defendants used QQ (a popular Chinese instant messaging service), phone calls, text messages, emails and other means to obtain and distribute the personal information.
• The remaining two defendants were accused of facilitating the destruction of evidence that implicated certain other defendants mentioned above.

Summary of the Ruling

• Three of the seven defendants who worked for telecommunications companies and were accused of having illegally sold personal information obtained through their jobs were found guilty of the illegal sale of citizens’ personal information.
• The other four of the seven defendants who worked for telecommunications companies, and were accused of having illegally provided (for no financial gain) personal information obtained through their jobs, were found guilty of the illegal provision of citizens’ personal information.
• The fourteen defendants who were accused of obtaining personal information through various illegal transactions and other means were found guilty of illegal access to citizens’ personal information.
• The remaining two defendants were found guilty of destroying evidence.

The court sentenced fourteen of the defendants to prison terms ranging from 20 months to 36 months.  The other nine defendants received suspended sentences.

In March 2009, we commented in a blog post on Article 7 of the Seventh Amendment to the Criminal Law.  The most significant aspect of this recent case may be the way in which the term “personal information” was interpreted and applied by the court.  There is no clear, single definition of “personal information” under Chinese law generally, nor is “personal information” defined in the P.R.C. Criminal Law for purposes of the Seventh Amendment.  In this case, the personal information involved included call lists, text message details, registration information for cell phones and landlines, registered residence information, bank account details, automobile and housing registration information, cell phone location information and other information.  Of particular importance is the fact that this is the first case in which a Chinese court has found that cell phone location information is considered “personal information.” 

Though case law does not create binding precedent in China, this ruling may indicate a trend toward the development and application of laws protecting personal information in China.